Not Applicable
Not Applicable
Not Applicable
1. Field of the Invention
The present invention relates to technology for preventing fraud in credit/debit card payment systems.
2. Description of the Related Art
Previously, measures for preventing fraudulent use of credit cards in card transaction payment systems have included two methods: a credit check for the card used and cardholder validation.
Credit involves recognizing the validity of the card, for example, whether the credit card has been stolen or whether the credit limit has been exceeded. This procedure is usually carried out by sending card information, such as the credit card number, from a card transaction terminal located in the member store to a transaction authorization computer, which is a host computer at the credit card company, a merchant bank computer, or the like, referencing card information stored in a database within the transaction authorization computer, confirming the available credit line, etc., and determining whether the card can be used. When a credit card holder wants to use a credit card to pay for goods or services at a credit card member store (hereinafter xe2x80x9cmember storexe2x80x9d), a credit check for the card is first carried out at the member store. Normally, a credit check proceeds by sending card information, such as the card number and expiration date, through a credit card transaction terminal (hereinafter xe2x80x9ctransaction terminalxe2x80x9d) located in the member store to a settlement payment computer and requesting the credit check. When the transaction authorization computer receives the credit check request, the transaction authorization computer references the database to find out whether the pertinent credit card has been made unusable by being reported lost or stolen, and whether the credit limit for the card will be exceeded by the current transaction. The information regarding whether payment with the pertinent credit/debit card is allowed, based on the results of the check, is sent to the aforementioned card transaction terminal at the member store. Card information stored in the database includes, for example, the cardholder address, telephone number, birth date, registered PIN (Personal Identification Number), the credit limit, and the number of credit card transactions permitted within a specified period. When the transaction authorization computer reports the results of the credit check to the card transaction terminal at the member store, a transaction authorization code is issued. When the results of the credit check permit credit card payment, a credit card sales receipt, whereon the transaction authorization code is recorded, is issued by the card transaction terminal at the member store, and the card user validation process is performed.
The user validation process involves comparing the customer signature receipt with the signature previously inscribed on the credit card, by comparing the face of the card user with a photograph on the card for cards having photographs, or by checking the PIN input by the card user to the card transaction terminal against the PIN previously stored in the database of the transaction authorization computer. Measures for preventing fraudulent card usage in the conventional art include recording the loss of a card in the transaction authorization computer database when the cardholder loses his or her card, and performing a credit check with the transaction authorization computer every time the card is used to prevent fraudulent use by a person who found the card. In addition, performing a user validation procedure, such as PIN input every time the card is used for payment, makes it possible to deal with a situation where there is no information to prevent the use of a lost card.
In the above prior art, when a card is lost or stolen, the card user quickly contacts the credit company and adds xe2x80x9cusage not allowedxe2x80x9d to the card information in the database. As a result, when a third party tries to use the card, xe2x80x9cusage not allowedxe2x80x9d is determined in the credit check and can make it impossible to use that card. However, with the broad dissemination of various types of cards, such as credit cards, it is often the case that a single user has a plurality of cards and may not be immediately aware of the fact that a card is lost or stolen. Furthermore, all the cards possessed by a user may not carried, and it is often the case that discovery of the loss or theft of a card is delayed.
For most current credit cards, information such as the card number, card expiration date, user name, and so forth is printed on the surface of the credit card and is recorded on the magnetic tape affixed to the card. These credit cards and transaction authorization systems have the disadvantage that card information necessary for recognizing the card number, expiration date, cardholder, and cardholder signature is easily stolen from the card or terminal. Consequently, the cardholders and credit card companies face considerable liabilities because of card forgery or theft. For example, the method of recognizing a user by comparing the PIN input by the user to the PIN stored in the transaction authorization computer is a secure user validation method because, in theory, the PIN is information known only by the bona fide user of the credit card. However, cases have occurred wherein PINs have been stolen by modifying the card transaction terminal established in the member store and stealing and recording the PIN r input by a user when the card information is acquired. Thus, user validation technology using a PIN is not necessarily effective in preventing the illicit use of stolen or forged cards. The debit card payment system, a shopping service using cash transfer cards, has the same types of problems as the aforementioned credit cards with regard to security against the leakage of card information.
Related materials include the Japanese Patent Laid-open Nos. 2001-21789, 2001-175751, and 2001-134684.
Japanese Patent Laid-open No. 2001-21789 relates to encrypting a password or the like and inputting the password from the user terminal directly to a verification center in order to ensure security in transactions on the Internet Japanese Patent Laid-open No. 2001-175751 relates to a dedicated terminal comprising a card reader used by a user in order to improve the security in credit processing for credit card payments in on-line shopping. Japanese Patent Laid-open Nos. 2001-21789 and 2001-175751 both relate to security in the payment of virtual transactions concluded by credit card and do not relate to security for credit card transactions concluded in an actual store. Japanese Patent Laid-open No. 2001-134684 makes it possible to use a cellular phone to purchase items from an automatic vending machine by specifying the user with the cellular phone user ID and having a credit card company provide payment. Japanese Patent Laid-open No. 2001-134684 is also not related to security for credit card transactions in an actual store.
In view of the problems with the prior art discussed above, issues to be resolved by the present invention include (1) preventing transaction authorization when the credit card is lost or stolen or when it appears that the card ID information has been copied, and (2) eliminating the danger that information necessary for user validation, such as the PIN, can be stolen during the payment process.
The present invention provides a method, system, and terminals for credit card and debit card transactions, that can resolve these problems.
The method of the present invention for providing secure, bona fide credit/debit transactions, using a card transaction terminal in a credit/debit card member store, includes the steps of: storing information for recognizing a credit card user in a database capable of being accessed by a host computer to which said card transaction terminal is connectable; sending information relating to said credit transaction payment from said card transaction terminal to a portable communication terminal containing information relating to the identity of said credit card user registered therein; inputting said identity information and said information relating to said credit transaction payment to said host computer through said portable communication terminal; and verifying said credit card user as the authentic cardholder on the basis of said validation and identification information.
Moreover, the present invention provides a method of authorizing credit/debit card transactions, using a card transaction terminal in a credit card member store, comprising the steps of: storing location information of said card transaction terminal in a database capable of being accessed by a host computer to which said card transaction terminal is connectable; sending information relating to said credit transaction payment from said card transaction terminal to a portable communication terminal containing information relating to the identity of said credit card user; inputting information relating to the current location of said portable communication terminal to said host computer; and recognizing said credit card user as the authentic cardholder when said location of said portable communication terminal is within a predetermined range from of said card transaction terminal.
Furthermore, the present invention provides a method of authorizing credit/debit card transactions, using a card transaction terminal in a credit card member store, comprising the steps of: storing information for recognizing a credit card user and the location information of said card transaction terminal in a database capable of being accessed by a host computer to which said card transaction terminal is connectable; sending information relating to said credit transaction payment from said card transaction terminal to a portable communication terminal containing information relating to the identity of said credit card user; inputting said identity information and information relating to payment of said credit transaction to said host computer through said portable communication terminal; and recognizing said credit card user as the authentic cardholder on the basis of said validation and information; inputting information relating to the current location of said portable communication terminal to said host computer; and authorizing said credit card payment when the location of said portable communication terminal is within a predetermined range of the location of said card transaction terminal.
The system of the present invention, as pertains to credit and debit card transactions taking place at a transaction terminal located in a credit card/debit card member store comprises: a host computer capable of communicating with said card transaction terminal and capable of carrying out transaction validation processing on the basis of information sent from said card transaction terminal; wherein said host computer is capable of accessing a database storing information for validating a credit card user; and said host computer identifies said credit card user as an authentic cardholder on the basis of information for recognizing said credit card user and identity information, when information in relating to identity of said credit card user and said information relating to said credit transaction validation are inputted from a portable communication terminal having said identity information registered therein.
Also, the present invention provides a transaction authorization system in credit transactions, for carrying out payment by credit/debit card using a card transaction terminal in a credit card member store, comprising a host computer being capable of communicating with said card transaction terminal and carrying out said settlement process based on information sent from said card transaction terminal; wherein said host computer is able to access a database to which location information for said card transaction terminal is registered in advance; and said host computer identifies said credit card user as an authentic cardholder on the basis of said location information of said portable communication terminal and the location information of said card transaction terminal, when information relating to identity of the credit card user and said information relating to the credit transaction settlement are inputted from said portable communication terminal, to which said identity information is registered in advance.
Moreover, the present invention provides a portable communication terminal device capable of being used for credit card authorization, including: a wireless communication component for sending and receiving wireless signals for transmitting information through a public communication network; a main controller connected to this wireless communication component; a key input component for inputting data and connected to said main controller; a display screen connected to said main controller; a memory, for storing information relating to said credit card therein and connected to said main controller; and a card transaction terminal communication component connected to said main controller; wherein said card transaction terminal communication component is configured to be able to receive information relating to the settlement from the card transaction terminal in the credit card member store; and said main controller is constituted to be able to control the sending of the information for verifying that said credit card user is the bona fide cardholder, along with said information relating to the transaction, through said wireless communication component.
As the invention of a card transaction terminal that can resolve these problems, the present invention provides a card transaction terminal for carrying out credit transaction settlements at a credit card member store and includes: a card reader for reading credit card information; a main controller connected with said card reader; a first communication component, connected with said main controller, for communicating with a host computer; a second communication component, connected with said main controller, for establishing a wireless connection with a portable terminal device in which the cardholder""s identity information is stored; wherein said controller is able to send the credit card information read by said card reader to said host computer and receive the code for specifying the authorization for the transaction from said host computer through said first communication component, and to send said code thus received through said second communication component.
In addition, the present invention provides a card transaction terminal for carrying out credit/debit card transactions at a credit card member store which includes: a terminal control with which data input operations are performed; a main controller connected with said terminal control; a first communication component, connected with said main controller, for communicating with a host computer; a second communication component, connected with said main controller, for establishing a wireless connection with a portable terminal device in which the cardholder""s identity information is stored; wherein said controller is able to send, to said cellular phone, transaction price data corresponding to the product information input from said terminal control and a code for specifying the member store where the card transaction terminal is located, and to receive, from said cellular phone, a code specifying authorization of the transaction and a code specifying transaction completion, both codes transmitted through said second communication component, and is further able to send said code specifying transaction completion from said first communication component to said host computer.
The present invention makes it possible to prevent the fraudulent use of cards or the like, even when the card has been lost or stolen or card information or the like has been revealed, and can improve security in the settlement of credit transactions.